Search Results (Refine Search)
- CPE Product Version: cpe:/o:mandrakesoft:mandrake_linux:10.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2007-4137 |
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. Published: September 18, 2007; 3:17:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2007-1352 |
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. Published: April 05, 2007; 9:19:00 PM -0400 |
V3.x:(not available) V2.0: 3.8 LOW |
CVE-2005-2377 |
nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable. NOTE: it is not clear whether this attack scenario is sufficient to include this item in CVE. Published: July 26, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-0085 |
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message. Published: April 27, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2004-1235 |
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. Published: April 14, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 6.2 MEDIUM |
CVE-2005-0003 |
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file. Published: April 14, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2005-0020 |
Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code. Published: April 14, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2005-0472 |
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ. Published: March 14, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-0473 |
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208. Published: March 14, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-0605 |
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. Published: March 02, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-0983 |
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. Published: March 01, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-1051 |
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. Published: March 01, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2004-0974 |
The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. Published: February 09, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2004-0975 |
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. Published: February 09, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2004-0977 |
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files. Published: February 09, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2004-0886 |
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. Published: January 27, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-1014 |
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated. Published: January 10, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-1098 |
MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header. Published: January 10, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-1158 |
Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. Published: January 10, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-1171 |
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. Published: January 10, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |